Hack attack targets cash machine jackpot
Posted on 28 Jun 2010 at 08:06
A security expert says flaws in the design of some cash machines make them vulnerable to hackers, who could make the cash dispensers spit out their cash contents.
Barnaby Jack, head of research at security firm IOActive Labs, will demonstrate methods for "jackpotting" ATMs at the Black Hat security conference next month.
“ATMs are not as secure as we would like them to be,” said Jeff Moss, founder of the Black Hat conference. “Barnaby has a number of different attacks that make all the money come out.”
Jack declined to discuss his techniques before the conference, but his comments will send bank security staff into a panic.
If the attacks are as effective as Jack claims then making them public would allow crooks to adopt his methods, but Moss said that going public would raise awareness of the problem among ATM operators and prompt them to tighten security.
One potential route of attack is via communications ports that are sometimes accessible from outside an ATM, Moss said.
“You want everybody to know there are possible ways to jackpot these machines, so they will go and get their machines updated,” he said.
Joe Grand, a hardware security expert, said he was not surprised to learn of Jack's research.
“People are starting to realise that hardware products do have security vulnerabilities. Parking meters, ATMs, everything that has electronics in it can be broken,” Grand said. “A lot of times a hardware product is just a computer in a different shell.”
Banks and Security
Regrettably I think it is unlikely that this news will send banks in to a panic. I've come to the conclusion that banks are a lot less bothered about security than they ought to be.
By jgwilliams on 28 Jun 2010
Guess who pays for security?
The added costs to the banks of increased security will be paid for by the people who always pay - the sustomers!
The first (and only rule of business) is:
The customer ALWAYS pays.
By BornOnTheCusp on 28 Jun 2010
Ever since I saw a cash machine Blue Screen, I've never really trusted them any more to keep money safe....
By all4nothing on 28 Jun 2010
No blue screen, but...
I have seen one come up with an error message, if I remember correctly it was whining about being unable to contact a DHCP server. None of the keys on the keypad would clear it. Wish I'd taken a picture now!
By mspritch on 29 Jun 2010
- How to get the Windows 10 Technical Preview, plus release date, features and latest news
- Why the Microsoft Band could be a game changer
- Windows 10 trackpad shortcuts: Microsoft takes a leaf out of Apple's book
- Internet tax: what it is and why it failed
- HP's vision for the future of PCs: the 3D Sprout
- Google Glass: mugger bait, pub problem and other lessons learned from two dangerous weeks
- Twitter, please don't fiddle with my feed
- How Satya Nadella can get some pay-raise karma
- Windows 10: a step back to go forward
- Michael Dell: Cloud infrastructure is the roads, bridges and highways of the 21st century
- How to check your identity hasn’t been sold to the hackers
- Tim Cook: this is how much TV has changed since the 70s
- Westminster wins the .London battle
- 20 years of PC Pro: from deep pan pizza to virtualisation
- Five reasons why the Apple Watch leaves me cold
- How to sell more ebooks on Amazon
- 10 ways to make your business more secure
- Top five VoIP mistakes
- How to add in-app purchasing to an iPhone, Android or Windows app
- Remote-control ransomware: TeamViewer and software hardball
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office